Replace build scripts with prepare scripts

2020-08-27 18:14:41 -07:00
parent 4ed4d9ed4a
commit bee5d4ce1b
18 changed files with 745 additions and 931 deletions
--- a/Vagrant/scripts/MakeWindows10GreatAgain.ps1
+++ b/Vagrant/scripts/MakeWindows10GreatAgain.ps1
@@ -11,15 +11,6 @@ if ($onedrive) {
 }
 c:\Windows\SysWOW64\OneDriveSetup.exe /uninstall

-# Fix in 1903
-#Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Removing Microsoft Store and Edge shortcuts from the taskbar..."
-#$appname = "Microsoft Edge"
-#((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true}
-#$appname = "Microsoft Store"
-#((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true}
-#$appname = "Mail"
-#((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true}
-
 Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Disabling automatic screen turnoff in order to prevent screen locking..."
 powercfg -change -monitor-timeout-ac 0
 powercfg -change -standby-timeout-ac 0
@@ -28,6 +19,8 @@ powercfg -change -hibernate-timeout-ac 0
 # Download and install ShutUp10
 Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading ShutUp10..."
 [Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"
+# Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
+$ProgressPreference = 'SilentlyContinue'
 $shutUp10DownloadUrl = "https://dl5.oo-software.com/files/ooshutup10/OOSU10.exe"
 $shutUp10RepoPath = "C:\Users\vagrant\AppData\Local\Temp\OOSU10.exe"
 if (-not (Test-Path $shutUp10RepoPath)) {
--- a/Vagrant/scripts/download_palantir_wef.ps1
+++ b/Vagrant/scripts/download_palantir_wef.ps1
@@ -8,6 +8,8 @@ If (-not (Test-Path $wefRepoPath))
 {
    # GitHub requires TLS 1.2 as of 2/1/2018
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+    # Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
+    $ProgressPreference = 'SilentlyContinue'
    Invoke-WebRequest -Uri "https://github.com/palantir/windows-event-forwarding/archive/master.zip" -OutFile $wefRepoPath
    Expand-Archive -path "$wefRepoPath" -destinationpath 'c:\Users\vagrant\AppData\Local\Temp' -Force
 }
--- a/Vagrant/scripts/install-microsoft-ata.ps1
+++ b/Vagrant/scripts/install-microsoft-ata.ps1
@@ -45,6 +45,8 @@ If (-not (Test-Path "C:\Program Files\Microsoft Advanced Threat Analytics\Center
    If ($download -eq $true)
    {
        Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading $title..."
+        # Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
+        $ProgressPreference = 'SilentlyContinue'
        Invoke-WebRequest -Uri $downloadUrl -OutFile "$env:temp\$title.iso"
        $actualHash = (Get-FileHash -Algorithm SHA256 -Path "$env:temp\$title.iso").Hash
        If (-not ($actualHash -eq $fileHash))
@@ -111,6 +113,8 @@ Invoke-Command -computername dc -Credential (new-object pscredential("windomain\

    If (-not (Test-Path "$env:temp\gatewaysetup.zip")) {
        Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) [$env:computername] Downloading ATA Lightweight Gateway from WEF now..."
+        # Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
+        $ProgressPreference = 'SilentlyContinue'
        Invoke-WebRequest -uri https://wef/api/management/softwareUpdates/gateways/deploymentPackage -UseBasicParsing -OutFile "$env:temp\gatewaysetup.zip" -Credential (new-object pscredential("wef\vagrant", (convertto-securestring -AsPlainText -Force -String "vagrant")))
        Expand-Archive -Path "$env:temp\gatewaysetup.zip" -DestinationPath "$env:temp\gatewaysetup" -Force
    }
--- a/Vagrant/scripts/install-osquery.ps1
+++ b/Vagrant/scripts/install-osquery.ps1
@@ -11,6 +11,8 @@ If (-not ($service)) {
  # Download the flags file from the Palantir osquery-configuration Github
  # GitHub requires TLS 1.2 as of 2/1/2018
  [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+  # Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
+  $ProgressPreference = 'SilentlyContinue'
  Invoke-WebRequest -Uri "https://raw.githubusercontent.com/palantir/osquery-configuration/master/Classic/Endpoints/Windows/osquery.flags" -OutFile $flagfile

  ## Use the TLS config
--- a/Vagrant/scripts/install-redteam.ps1
+++ b/Vagrant/scripts/install-redteam.ps1
@@ -3,6 +3,11 @@
 Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing Red Team Tooling..."
 $hostname = $(hostname)

+# Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
+$ProgressPreference = 'SilentlyContinue'
+# GitHub requires TLS 1.2 as of 2/27
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
 # Windows Defender should be disabled already by O&O ShutUp10 and the GPO
 If ($hostname -eq "win10") {
  # Adding Defender exclusions just in case
@@ -18,75 +23,78 @@ If ($hostname -ne "win10" -And (Get-Service -Name WinDefend -ErrorAction Silentl
  Try {
    Uninstall-WindowsFeature Windows-Defender -ErrorAction Stop
    Uninstall-WindowsFeature Windows-Defender-Features -ErrorAction Stop
-  }
-  Catch {
+  } Catch {
    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Windows Defender did not uninstall successfully..."
    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) We'll try again during install-red-team.ps1"
  }
-}
-Else  {
+} Else  {
  Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Windows Defender has already been disabled or uninstalled."
 }
+
 # Purpose: Downloads and unzips a copy of the latest Mimikatz trunk
 Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Determining latest release of Mimikatz..."
-# GitHub requires TLS 1.2 as of 2/27
-[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 $tag = (Invoke-WebRequest "https://api.github.com/repos/gentilkiwi/mimikatz/releases" -UseBasicParsing | ConvertFrom-Json)[0].tag_name
 $mimikatzDownloadUrl = "https://github.com/gentilkiwi/mimikatz/releases/download/$tag/mimikatz_trunk.zip"
 $mimikatzRepoPath = 'C:\Users\vagrant\AppData\Local\Temp\mimikatz_trunk.zip'
-if (-not (Test-Path $mimikatzRepoPath)) {
+If (-not (Test-Path $mimikatzRepoPath)) {
  Invoke-WebRequest -Uri "$mimikatzDownloadUrl" -OutFile $mimikatzRepoPath
  Expand-Archive -path "$mimikatzRepoPath" -destinationpath 'c:\Tools\Mimikatz' -Force
-}
-else {
+} Else {
  Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Mimikatz was already installed. Moving On."
 }

 # Download and unzip a copy of PowerSploit
 Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Powersploit..."
-# GitHub requires TLS 1.2 as of 2/27
-[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 $powersploitDownloadUrl = "https://github.com/PowerShellMafia/PowerSploit/archive/dev.zip"
 $powersploitRepoPath = "C:\Users\vagrant\AppData\Local\Temp\powersploit.zip"
-if (-not (Test-Path $powersploitRepoPath)) {
+If (-not (Test-Path $powersploitRepoPath)) {
  Invoke-WebRequest -Uri "$powersploitDownloadUrl" -OutFile $powersploitRepoPath
  Expand-Archive -path "$powersploitRepoPath" -destinationpath 'c:\Tools\PowerSploit' -Force
  Copy-Item "c:\Tools\PowerSploit\PowerSploit-dev\*" "$Env:windir\System32\WindowsPowerShell\v1.0\Modules" -Recurse -Force
-}
-else {
+} Else {
  Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) PowerSploit was already installed. Moving On."
 }

-# Download and unzip a copy of Atomic Red Team
-Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Atomic Red Team..."
-# GitHub requires TLS 1.2 as of 2/27
-[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-$atomicRedTeamDownloadUrl = "https://github.com/redcanaryco/atomic-red-team/archive/master.zip"
-$atomicRedTeamRepoPath = "C:\Users\vagrant\AppData\Local\Temp\atomic_red_team.zip"
-if (-not (Test-Path $atomicRedTeamRepoPath)) {
-  Invoke-WebRequest -Uri "$atomicRedTeamDownloadUrl" -OutFile "$atomicRedTeamRepoPath"
-  Expand-Archive -path "$atomicRedTeamRepoPath" -destinationpath 'c:\Tools\Atomic Red Team' -Force
-}
-else {
-  Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Atomic Red Team was already installed. Moving On."
-}
-
 # Download and unzip a copy of BadBlood
 Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading BadBlood..."
-# GitHub requires TLS 1.2 as of 2/27
-[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 $badbloodDownloadUrl = "https://github.com/davidprowe/BadBlood/archive/master.zip"
 $badbloodRepoPath = "C:\Users\vagrant\AppData\Local\Temp\badblood.zip"
-if (-not (Test-Path $badbloodRepoPath)) {
+If (-not (Test-Path $badbloodRepoPath)) {
  Invoke-WebRequest -Uri "$badbloodDownloadUrl" -OutFile "$badbloodRepoPath"
  Expand-Archive -path "$badbloodRepoPath" -destinationpath 'c:\Tools\BadBlood' -Force
  # Lower the number of default users to be created by BadBlood
  $invokeBadBloodPath = "c:\Tools\BadBlood\BadBlood-master\Invoke-BadBlood.ps1"
  ((Get-Content -path $invokeBadBloodPath -Raw) -replace '1000..5000','500..1500') | Set-Content -Path $invokeBadBloodPath
-}
-else {
+} Else {
  Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) BadBlood was already installed. Moving On."
 }

+# Download and install Invoke-AtomicRedTeam
+Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Invoke-AtomicRedTeam and atomic tests..."
+If (-not (Test-Path "C:\Tools\AtomicRedTeam")) {
+  Install-PackageProvider -Name NuGet -Force
+  IEX (IWR 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing);
+  Install-AtomicRedTeam -getAtomics -InstallPath "c:\Tools\AtomicRedTeam"
+  Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Updating Profile.ps1 to import the Invoke-AtomicRedTeam module..."
+  Add-Content -Path C:\Windows\System32\WindowsPowerShell\v1.0\Profile.ps1 'Import-Module "C:\Tools\AtomicRedTeam\invoke-atomicredteam\Invoke-AtomicRedTeam.psd1" -Force
+$PSDefaultParameterValues = @{"Invoke-AtomicTest:PathToAtomicsFolder"="C:\Tools\AtomicRedTeam\atomics"}' -Force
+} Else {
+  Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Invoke-AtomicRedTeam was already installed. Moving On."
+}
+
+# Purpose: Downloads the latest release of PurpleSharpNewtonsoft.Json.dll
+New-Item -Path "c:\Tools\" -Name "PurpleSharp" -ItemType "directory"
+Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Determining latest release of Purplesharp..."
+$tag = (Invoke-WebRequest "https://api.github.com/repos/mvelazc0/PurpleSharp/releases" -UseBasicParsing | ConvertFrom-Json)[0].tag_name
+$purplesharpDownloadUrl = "https://github.com/mvelazc0/PurpleSharp/releases/download/$tag/PurpleSharp.exe"
+$purplesharpDllDownloadURL = "https://github.com/mvelazc0/PurpleSharp/releases/download/$tag/Newtonsoft.Json.dll"
+If (-not (Test-Path "c:\Tools\PurpleSharp\PurpleSharp.exe")) {
+  Invoke-WebRequest -Uri $purplesharpDownloadUrl -OutFile "c:\Tools\PurpleSharp\PurpleSharp.exe"
+  Invoke-WebRequest -Uri $purplesharpDllDownloadUrl -OutFile "c:\Tools\PurpleSharp\Newtonsoft.Json.dll"
+}
+Else {
+  Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) PurpleSharp was already installed. Moving On."
+}
+
 Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Red Team tooling installation complete!"

--- a/Vagrant/scripts/install-velociraptor.ps1
+++ b/Vagrant/scripts/install-velociraptor.ps1
@@ -12,6 +12,8 @@ If (Select-String -Path "c:\windows\system32\drivers\etc\hosts" -Pattern "logger
 Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Determining latest release of Velociraptor..."
 # GitHub requires TLS 1.2 as of 2/27
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+# Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
+$ProgressPreference = 'SilentlyContinue'
 $tag = (Invoke-WebRequest "https://api.github.com/repos/Velocidex/velociraptor/releases" -UseBasicParsing | ConvertFrom-Json)[0].tag_name
 # Workaround hardcoded URL until this issue gets fixed: https://github.com/Velocidex/velociraptor/issues/528
 $velociraptorDownloadUrl = "https://github.com/Velocidex/velociraptor/releases/download/v0.4.7/velociraptor-v0.4.7-1-windows-amd64.msi"
--- a/Vagrant/scripts/provision.ps1
+++ b/Vagrant/scripts/provision.ps1
@@ -1,6 +1,7 @@
 # Purpose: Sets timezone to UTC, sets hostname, creates/joins domain.
 # Source: https://github.com/StefanScherer/adfs2

+$ProfilePath = "C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1"
 $box = Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName -Name "ComputerName"
 $box = $box.ComputerName.ToString().ToLower()

@@ -10,6 +11,15 @@ c:\windows\system32\tzutil.exe /s "UTC"
 Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Checking if Windows evaluation is expiring soon or expired..."
 . c:\vagrant\scripts\fix-windows-expiration.ps1

+If (!(Test-Path $ProfilePath)) {
+  Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Disabling the Invoke-WebRequest download progress bar globally for speed improvements." 
+  Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) See https://github.com/PowerShell/PowerShell/issues/2138 for more info"
+  New-Item -Path $ProfilePath | Out-Null
+  If (!(Get-Content $Profilepath| % { $_ -match "SilentlyContinue" } )) {
+    Add-Content -Path $ProfilePath -Value "$ProgressPreference = 'SilentlyContinue'"
+  }
+}
+
 # Ping DetectionLab server for usage statistics
 curl -userAgent "DetectionLab-$box" "https://ping.detectionlab.network/$box" -UseBasicParsing | out-null